Provably Secure Contact Tracing with Conditional Private Set Intersection

Takeshita, Jonathan; Karl, Ryan; Mohammed, Alamin; Striegel, Aaron; Jung, Taeho

doi:10.1007/978-3-030-90019-9_18

Cited by 5 publications

(1 citation statement)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In some cases, the goal of the client and server is to compute functions of the intersection, rather than to learn the intersection itself. For instance, in the case of COVID-19 exposure applications, a user simply wants to know if they share any randomly generated codes with those stored on the server, indicating potential exposure [16,[34][35][36]; who those matches are is irrelevant. Similarly, when gauging the effectiveness of ad campaigns by cross-referencing online advertisements with offline credit card transactions [21], the advertiser is interested in knowing the total sales corresponding to a specific set of credit cards used at certain vendors.…”

Section: Introductionmentioning

confidence: 99%

Practical Over-Threshold Multi-Party Private Set Intersection

Mahdavi

Humphries

Kacsmar

et al. 2020

Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Two parties with private data sets can find shared elements using a Private Set Intersection (PSI) protocol without revealing any information beyond the intersection. Circuit PSI protocols privately compute an arbitrary function of the intersectionsuch as its cardinality, and are often employed in an unbalanced setting where one party has more data than the other. Existing protocols are either computationally inefficient or require extensive server-client communication on the order of the larger set. We introduce Practically Efficient PSI or PEPSI, a non-interactive solution where only the client sends its encrypted data. PEPSI can process an intersection of 1024 client items with a million server items in under a second, using less than 5 MB of communication. Our work is over 4 orders of magnitude faster than an existing non-interactive circuit PSI protocol and requires only 10% of the communication. It is also up to 20 times faster than the work of Ion et al., which computes a limited set of functions and has communication costs proportional to the larger set. Our work is the first to demonstrate that non-interactive circuit PSI can be practically applied in an unbalanced setting.

show abstract